forward problem - DNS


  1. forward problem

    I have been asked basically to provide a "sitefinder" like service for
    some people so they have something other than the default browser 404
    page. I am fully aware of the problems this can cause, however in this
    limited environment it won't be a problem, but I am finding that the
    forward options do not appear to be working as advertised (at least what
    I have read). As such I would request that the discussions related to
    the political side of this issue be ignored for this thread, I know it's
    a charged issue, but I also don't operate a root server, or really
    anything outside of a small office of people who wanted this, as I am
    the "goto volunteer" the task fell to me.

    I have tried both forwarding to my local bind via a different view, as
    well as to a 3rd party DNS server (ISPs) and neither appear to be
    working. I have tried placing the forward/forwarders options both in
    the main options{} section as well as in the view that really needs it,
    both failed.

    When I use the localhost view it works as one would expect, when I use
    the internal view I get only the wildcard data. I verified with tcpdump
    and setting to the ISP NS that it does not send any packets out to
    'forward' the request.

    So my question is why does "forward first" not forward first then check
    the root zone, why does it go directly to the root zone and not even
    attempt to forward first? It's either a broken (as I understand it)
    feature or my config is bad.

    Or is there some other way to basically remap a NXDOMAIN to something
    else short of either a proxy, code hack, or something else that I would
    prefer to avoid if it can be done via the configs?


    Thanks,



    Here is what I am doing (which doesn't forward):

    options {
        forward first;
        forwarders { 127.0.0.1; }; // also tried the ISP NS
        // I also tried putting these in the view and the zone
        // and neither had the desired effect
    };

    acl "internal" { 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/20; };
    view "internal" {
        match-clients { "internal"; };
        recursion yes; // out of desperation
        zone "." { type master; file "wildcard"; };
    };

    view "localhost" {
        match-clients { localhost; };
        forwarders {};
        zone "." { type hint; file "db.root"; };
    };

    --
    Trixter http://www.0xdecafbad.com Bret McDanel
    Belfast +44 28 9099 6461 US +1 516 687 5200
    http://www.trxtel.com the phone company that pays you!



  2. Re: forward problem

    In article ,
    Trixter aka Bret McDanel wrote:

    > So my question is why does "forward first" not forward first then check
    > the root zone, why does it go directly to the root zone and not even
    > attempt to forward first? It's either a broken (as I understand it)
    > feature or my config is bad.


    You only recurse when you don't already have the answer in memory. If
    you're authoritative for the zone, the answer is in memory by definition.

    The "first" in "forward first" means to do it before following NS
    records; it doesn't mean that it takes precedence over authoritative
    data.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***
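
The precedence described in the reply above, as an added example that is not part of the original thread: a simplified Python model of the order in which a view consults its sources. The view dictionaries mirror the posted configuration; `SCOPED` and the zone `office.example` are hypothetical, and delegations inside authoritative zones are not modelled.

```python
# Added illustration: simplified model of where a BIND view gets its answer.
# Assumption: authoritative zones hold no delegations (true for the wildcard
# "." zone in the post), so zone cuts are not modelled.

def labels(name):
    """Split a domain name into lowercase labels; "." gives an empty list."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def enclosing_zone(qname, zones):
    """Return the longest master/slave zone that contains qname, or None."""
    q, best = labels(qname), None
    for zname, ztype in zones.items():
        z = labels(zname)
        if ztype in ("master", "slave") and (not z or q[-len(z):] == z):
            if best is None or len(z) > len(labels(best)):
                best = zname
    return best

def answer_path(qname, view, cache=()):
    """List, in order, the sources the view consults for qname."""
    zone = enclosing_zone(qname, view["zones"])
    if zone is not None:
        return ["authoritative zone " + zone]  # answered locally, no recursion
    if qname.lower().rstrip(".") in cache:
        return ["cache"]
    mode = view.get("forward", "first")  # "first" is BIND's default
    path = ["forwarders"] if view.get("forwarders") else []
    if not path or mode == "first":
        path.append("iterative from root hints")
    return path

# Views modelled on the posted named.conf (options-level forwarders inherited).
INTERNAL = {"forward": "first", "forwarders": ["127.0.0.1"],
            "zones": {".": "master"}}
LOCALHOST = {"forward": "first", "forwarders": [], "zones": {".": "hint"}}
# Hypothetical variant: authoritative for one zone only, hints for the rest.
SCOPED = {"forward": "first", "forwarders": ["127.0.0.1"],
          "zones": {"office.example": "master", ".": "hint"}}

if __name__ == "__main__":
    for label, view in (("internal", INTERNAL), ("localhost", LOCALHOST),
                        ("scoped", SCOPED)):
        print(label, "->", answer_path("www.example.com", view))
```

Because every name falls under ".", the internal view never reaches the forwarding step, which matches the tcpdump observation in the first post.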

